Advanced Panelboxes for Confluence

id	1
title	Exercise Overview:

Table of Contents

maxLevel	3
minLevel	2
indent	20px
exclude	Summary\|On this page\|In this section...
separator	newline

Installing Tachyon

In this lab, we will install all Tachyon components onto the same server which we have prepared with the prerequisites, 1ETRNAP. This includes the roles and features required for the Tachyon installation. In addition, we will deploy the Tachyon clients once the server components have been installed.

Installing Tachyon components

Install Tachyon components

In this task, you will install Tachyon components on the Application server (1ETRNAP).

1evirtualmachine
1ETRNAP

1eolstart

1eli
On 1ETRNAP Launch the SkyTap Shared Drive shortcut from the desktop and download 1E Tachyon - Course Content\Tachyon v5.2 - Course Content\TachyonPlatform.v5.2.5.165.zip to C:\Temp (if a password window is shown the password is Passw0rd)

1eli
Also download tachyon.lic from 1E Tachyon - Course Content\Tachyon v5.2 - Course Content\ to c:\temp

1eli
Navigate to c:\temp and right click on TachyonPlatform.v5.2.5.165.zip and choose Extract All

1eli
From C:\Temp\TachyonPlatform.v5.2.5.165 double click Tachyon.Setup.exe

1ehot tip
The user we're logged in with, 1ETRN\AppInstaller is a local admin on this server and has sysadmin rights in SQL. Both rights are required to install Tachyon.

1eli
On the Welcome page click Next

1eli
On the Documentation page, click Next

1eli
On the License Agreement page select I accept the terms of the license agreement and click Next

1eli
On the License file page, click browse and select tachyon.lic in c:\temp. Click Open. Click Next

1eli
Review the properties of the license file to get a feel for what it entails. Specifically, the MaxCount value as well as the thumbprints for the different Features

1eli
On the Select Configuration page, confirm the install location is C:\Program Files\1E and Click Next

1eli
On the Check prerequisites page click Start checking

1ediscussion point
Note all the different prereqs that are required for Tachyon. In a production environment, different components might already be installed on the server. The Tachyon installer will check for all the prereqs and allow you to install the outstanding ones directly through the installer using PowerShell scripts.

1eli
Click Install missing prereqs

1ehot tip
A PowerShell window will open for each prerequisite.

1eli
Once all the prerequisites are installed, click on Check Again to revalidate. Click Next

1eli
On the Server certificate page Select the Tachyon Web Certificate, note that all the available Computer Certificates enrolled on this server are displayed. Click Next

1ewarning

The following three properties, Subject, Serial number and Signature algorithm are not expected to show green checks in the Result column, there will be a warning on Subject alternate name, as we only have one DNS name, we do not have a DMZ server, if the remaining Properties do not show the tick then the certificate was not configured properly. You will need to delete the certificate and re enroll it using the correct properties, or possibly create a new template.

1eli
On the Client certificates page, Click Next

1eli
On the Database server page, ensure that (local) is in each field. Click Validate. On the validation passed box, click Ok. Click Next

1eli
On the BI SSAS database settings page, in the BI SSAS User (domain account) section enter 1ETRN\svc_BI in Username and Passw0rd in the password fields. ensure that (local) is in the SSAS server field. Click Validate. Click Ok on the Validation passed box. Click Next

1eli
On the Number of Devices page, ensure the Number of devices is set to 1500. Click Next

1ewarning
The license is client count sensitive, so Tachyon will not work if you set it to higher than the license count from your license file.

1eli
On the Switch configuration page, click validate. There are two warnings these can be looked at, but do not need remediation. Click Next

1eli
On the Website Configuration page, in the Main website binding section leave the default settings. and leave all other default settings, click Next

1ehot tip
The HTTP Host Header is used internally by Tachyon components; thus, we use the FQDN of the server. The HTTPS Host Header will be used by Tachyon agents and Tachyon users; thus, we use the DNS alias. If you clicked validate, then you can ignore the error message at this time, we will rectify it later.

1ehot tip

The HTTPS Host header sets the host header used by the alternate HTTPS binding used by the Tachyon website.

This is mandatory when installing on a DMZ Server, and used for the internal-facing network.

Optionally used by the following if you do not want the the main HTTPS binding, for example if you want to use a different HTTPS port:

Tachyon clients connecting to the background channel
Application Migration clients running task sequence and connecting to the SLA Provider API
AppClarity software reclaimer connecting to the SLA Provider API

1eli
On the Active Directory and email Configuration page, enter the following and Click Validate, close the validation check. Click Next

1eimplementationicontable
Active Directory: LDAP://1etrn.local SMTP Server: 1ETRNDC.1ETRN.LOCAL Mail From: Tachyon@1etrn.local Enable two-factor authentication: Checked

1ehot tip
Two-factor authentication prompts users to enter a onetime authorization code in addition to their password to confirm the submission of an action instruction. The code is delivered via email or to a registered mobile device. If this setting is disabled, administrators can execute instructions without the second factor authentication.

1eli
On the Telemetry page read the screen, but leave I consent checked. Click Next (enabling or disabling and setting the frequency at which the data is sent is looked at in Ex 8 - Tachyon v5.2 - Install and Configure - Post installation optional configuration) Also leave User Interface telemetry unticked, this is also looked at in Ex8

1eli
On the SLA and 1E Catalog page, DO NOT Check the Enable AI-based auto-curation. Click Next

1ediscussion point
We cover AI-based auto-curation in the AppClarity course. And how to enable this post install in Ex 8 - Tachyon v5.2 - Install and Configure - Post installation optional configuration

1eli
On the Nomad synchronisation page, enter 1ETRNCM as the Configuration Manager Site server

1eli
Leave the Nomad sync value set to 30, and click on Validate, a message stating no errors were detected should be displayed

1eli
In the Certificate to be used by the Background Channel Proxy, click Select and choose the Certificate with the longest Expiry Date, and select Client Certificate in the type of authentication drop list, and click OK

1eli
Click on Validate, a message stating no errors were detected should be displayed, click OK and then click Next

1eli
On the Ready to Install page, click Install. It will take a few minutes to finish the install. You can see the install log scrolling

1eli
On the Installation results, click Next

1eli
On the Post-installation Checks, Click Start Checking.

1ediscussion point
This will display a check of all the components installed and ensure they are configured correctly. If there are any issues the Tachyon Installer will help you resolve them.

1eli
Scroll through the checks and on the first warning – Configuration of loopback-check security feature. Click on Warning in the Info column. In the Warning box click on Fix this issue for me. In the Done box click Ok

1eli
If there are any other errors or warnings click on them to investigate

1eli
The final row of the Post Installation checks is the Product Packs are available option click on the Deploy link.

1ebest practice

We could at this stage decide to ignore this but we will invoke the Tachyon Product Pack Deployment Tool to automatically import any product packs and move them into instruction sets (named the same as the .zip file). There is already a folder called ProductPacks in the same location as the Tachyon.Setup.exe (which we have just downloaded and extracted). The ProductPacks folder contains by default the files for the Tachyon Product Pack Deployment Tool and the Classic and Integrated folders with some 1E Product Packs you may want to bulk import into Tachyon. You can also add any additional product pack.zip files you have created or downloaded and wish to import.

We will in later exercises look at uploading Product packs from the Tachyon Exchange.

1eli
The Tachyon Product Pack deployment tool will open, the server URL is pre populated with the URL, In the middle section the product packs are listed, all are selected, and in the Results panel the version of the Deployment Tool and the connection status is listed.

1eli
Click on Upload selected, the product packs are now being uploaded and assigned to Instruction Sets.

1eli
Once completed click close

1eli
Click close again to close the Tachyon Setup wizard

1eli
Following the step to fix the loopback-check a reboot was prompted to be carried out prior to continuing with the install, restart the server at this point

Review the installation

In this task, you will observe the changes made by the Tachyon server installation

1evirtualmachine
1ETRNAP

1eolstart

startat	39

1eli
Log back into the server as 1ETRN\AppInstaller after the reboot

1eli
Launch Google Chrome and navigate to https://tachyon.1etrn.local/tachyon (following a fresh install it can take a few minutes for the license to be checked and the screen to populate, you may see an error message, refresh the screen a few times it will clear)

1eli

The Tachyon Portal should open and display the 9 Applications that are available – AppClarity, Application Migration, Experience, Explorer, Guaranteed State, Inventory, Nomad, Patch Success, and Settings. Some will have a green check mark as our license allows us to have all of the Applications, and the user alread has permissions, others will show a red warning as we are yet to configure permissions.

1eli
Browse to C:\Program Files\1E\Tachyon and note the following folders:

Folder	Description
Background	Binaries associated with the Background Channel, which is used to download content to clients
ConfigurationViewer	Binaries used for validation and troubleshooting. The Configuration tool also allows for exporting of configuration to disk.
Consumer	Binaries associated with the Consumer API. It provides access to the Tachyon platform via IIS
Coordinator	Binaries associated with the Workflow and Instrumentation services
Core	Binaries associated with the Core component and its APIs
Database	Binaries associated with the configuration of the Master and Response databases
Experience	Binaries associated with the configuration of the Experience component
Portal	Binaries for the Portal to display the Applications that are available to launch.
Switch	Binaries associated with the Switch service used to provide real time communication between Tachyon agents and the Platform
TachyonExternal	Folder defining the Tachyon website. Also, used to manage redirection

1eli
Open Internet Information Services (IIS) Manager from the start menu. Navigate down to the websites and expand Tachyon

1eli
Note the different web applications running under Tachyon

1eli
With the Tachyon website selected, click on Bindings in the Actions pane on the right, select the https type, and click Edit

1eli
Note that the web certificate we enrolled is bound to the website on https port 443. Exit out of bindings

1eli
With the Tachyon website selected, double click on IP Address and Domain Restrictions in the middle pane. Note nothing is configured here

1eli
Click on each individual application beneath the Tachyon website and double click each of the Authentication, SSL Settings and IP Address and Domain Restrictions and confirm they are set as shown. Note that some have Requestors configured, while others do not

Application	Authentication	SSL Settings	IP Address and Domain Restrictions
Tachyon	Windows	Require SSL	Not Configured
Admin	Windows	Not Configured	Not Configured
Background	Anonymous and Windows	Require SSL	Not Configured
CatalogWeb	Anonymous and Windows	Not Configured	Not Configured
Consumer	Windows	Require SSL	Not Configured
ContentDistribution	Anonymous and Windows	Not Configured	Not Configured
Core	Anonymous	Require SSL	Local IP addresses
CoreExternal	Anonymous	Not configured	Not Configured
Experience	Windows	Require SSL	Not Configured
Platform	Windows	Not Configured	Not Configured

1ebest practice
Tachyon is set up on both HTTP port 80 and HTTPS port 443. HTTP on port 80 is used only internally by different Tachyon components, thus explicit permissions are given only to those applications. This ensures a higher level of security.

1eli
Open the Services applet from the start menu. Validate the 2 Tachyon services running, 1E Tachyon Coordinator and1E Tachyon Switch Host, as well as the 1E Catalog Update Service, and the 3 SLA 3 Services that begin 1E SLA Platform services

Service	Description
1E Tachyon Coordinator	This service is a central component that manages all the components other than the switch.
1E Tachyon Switch Host	This service is used to control all the switch processes configured to run. It automatically starts each Switch process, restarting them if they terminate, and allowing them to be stopped gracefully via the Service Control Manager.

1eli
Browse to C:\ProgramData\1E\Licensing. Note the files in here

1ehot tip
These files are used to validate the licensing against a back-end licensing server in the cloud. Note the Tachyon license file(.lic) used to install Tachyon is also present here.

1eli
Browse to C:\ProgramData\1E\Tachyon. There are multiple folders and logs here associated with different Tachyon components

1eli
Open the Tachyon.Switch.Host.log. Search for NumberofSwitches. Note that the log shows the 1 switch we installed

1ebest practice
Up to 5 switches can be installed on a single server, and the 1E Tachyon Switch Host service would manage them all. Each switch can manage 50,000 devices for a total of 250,000 devices per server.

1eli
Open Tachyon.Switch.Host.log. Note the configuration information and the application of the certificate

1eli
Open the Tachyon.Coordinator.log. Search for AnalyzeCertificate: Note our thumbprint and the details on our certificate. Note the next lines in the log shows our license being checked and becoming active and the date that it will expire

1eli
Note the 5 folders under C:\ProgramData\1E\Tachyon: Content, Installers, PerfCounters, PolicyDocuments and Updates, all but PerfCounters have a web.config file

1ehot tip
The Content folder contains any content, generally in the form of scripts, which are required for instructions. These scripts are embedded into the Instruction XML file but are extracted and placed in this folder to allow agents to download them via the Background Channel using IIS. We will get into Instruction and scripts soon enough.

1ehot tip
The Installers folder would contain installers if we are updating the Tachyon agent via Tachyon itself.

1ehot tip
The Updates folder is used to update the Tachyon agent through Tachyon itself without having to redeploy an msi.

1eli
From the Start screen, start SQL Server Management Studio, connect to the local Database Engine, and navigate to the Databases node. Expand the TachyonMaster database. Note that the installer has created objects (tables, stored procedures etc.)

1eli
Expand the TachyonResponses database. Expand tables, and note that there are a very small number of objects created

1ediscussion point
The Response database holds transient data on a per action basis temporarily, hence it is a very basic database.

1eli
Expand the SLA-BI database. Look at the tables that are created

1eli
Expand the BI.Event Log table. This table holds the Business Intelligence event log date

1eli
Right click the BI.Event Log table and choose Select Top 1000 rows. Notice the columns

1ehot tip
You may not see any data here. If you needed to troubleshoot any BI or Cube Data issues you would look in this table for information.

1eli
From the Task Bar, open Google Chrome and browse to https://tachyon.1etrn.local

1ehot tip
Note the error. This is due to the restrictions that have been set in IIS on the different spaces within the website.

1eli
Go back to Google Chrome and Browse to https://tachyon.1etrn.local/tachyon

1ediscussion point
If you are familiar with the prior versions of Tachyon notice the change. We no longer navigate to the Tachyon Explorer via https://tachyon.1etrn.local/Explorer - now we have the Tachyon Portal. The Tachyon Explorer is still here, don't worry!

1eli
From the Tachyon Portal click on the Settings Application

1eli
Explore the other nodes that are available. Instructions will be empty. We will add some instructions sets later

1eli
Click on Switch app and notice the available options

1ehot tip
You will not be able to open any of the other applications as this account has limited access to the platform. Notice that our account cannot even see AppClarity, Explorer, Experience, Inventory, Guaranteed State or Patch Success in the Switch App menu.

1eli
In the Settings Application and navigate to Permissions - Users

1eli
Note the only user displayed is the user we installed Tachyon with (aside from Network Service and the app server machine account)

1eli
Click on 1ETRN\Appinstaller and review the permissions

1ebest practice
By default, the account that Tachyon is installed with has limited rights, one of them being Permissions Administrators, which can create new users and roles. This account cannot change its own permissions, so it is important to use an installer account which you do not want to have any admin rights beyond the basic rights afforded the installer account.

1eli
Navigate to Monitoring - Infrastructure Log and Audit Information log to review the different actions taken within Tachyon since install

1eli
Spend a few minutes looking around. We will get into the finer details of the platform in the next lab

Installing the 1E Client

Now that the back end has been installed, it is time to get some clients reporting into our environment. In this exercise, we will install the 1E Client manually on a single machine, and then deploy the client to the rest of our environment via ConfigMgr. As of this version of Tachyon the 1E Client has replaced the Tachyon Agent.

Copy the 1E Client Install to the Config Mgr Server

1evirtualmachine
1ETRNAP

1eolstart

startat	71

1eli
Log into 1ETRNAP as 1ETRN\AppInstaller

1eli
Launch the skytap shortcut from the desktop. Download and copy 1E Tachyon - Course Content\Tachyon v5.2 - Course Content\1EClientDeploymentAssistant.v1.6.0.21.zip to c:\temp then right click and extract all

1eli
Navigate to Agent Installation Files and Copy the 1E Client 5.2.2.523 folder to ConfigMgrSource\software via the shortcut on the desktop

Install the 1E Client Manually

1evirtualmachine
1ETRNW101

1eolstart

startat	74

1eli
Ensure all workstations are powered on

1eli
Log onto 1ETRNW101 as 1ETRN\User

1eli
From the start menu, type Certificate and click on Manage computer certificates to launch the certificates mmc console

1eli
In the console, right click Personal, and select All Tasks>Request New Certificate

1eli
Click Next

1eli
On the Select Certificate Enrollment Policy click Next

1eli
Note there is only one certificate available for enrollment. Select the Computer certificate and click Enroll

1eli
Once enrolled, click Finish

1ehot tip
A client certificate is required to authenticate against the Tachyon switch. The certificate has been enrolled on all the other clients, including the servers, ahead of time. If a Windows client certificate already exists on your client devices, no additional certificates will be required.

1eli
From the ConfigMgr Content Source folder on the desktop, navigate down to \software\1E Client 5.2.2.523

1eli
Copy 1E.Client-x86.msi to c:\sources

1eli
From the taskbar, run the command prompt

1eli
Switch to the c:\sources directory and run the following command line to start the 1E Client installation wizard

Code Block
msiexec /i 1E.Client-x86.msi /l*v 1EClient.log

1eli
On the Welcome to the 1E Client Installer screen click Next

1eli
On the License Agreement screen select I accept the terms of the license agreement and click Next

1eli
On the Installation Folder screen accept the default location and click Next

1eli
On the Tachyon screen, enter TACHYON.1ETRN.local:4000 for the Switch

1eli
On the Background Channel URL, enter https://tachyon.1etrn.local/Background for the Background Channel. Click Next

1eli
On the Nomad screen, select the Enable Nomad Checkbox

1eli
Select the Enable Platform features Checkbox

1eli
Select the Content registration Checkbox

1eli
Leave Single-Site Download (SSD) and Use FIPs encryption unchecked and click Next

1eli
On the PXE Everywhere screen, select the Enable PXE Everywhere checkbox

1eli
Set the PXE Everywhere Central Web Service to: http://1etrncm.1etrn.local/PXELite/PXELiteConfiguration.asmx

1eli
Leave the other checkboxes unchecked and click Next

1eli
On the Shopping screen, Click Next

1eli
On the WakeUp screen, click Next

1eli
On the Ready to Install the 1E Client screen, Click Install. On the User Account Control pop-up click OK. When install is completed, click Finish

Validate the 1E Client Install

1evirtualmachine
1ETRNW101

1eolstart

startat	101

1eli
On the client machine, launch the Services applet from the desktop

1eli
Confirm the 1E Client and the 1E Nomad Branch services areinstalled and are running

1eli
Navigate to c:\programdata\1E\Client

1eli
Note there are DBs and Persist folders and a log file present

1eli
Double- click the 1E.Client.log file and review the log (ensure the client has connected to the switch: Connected to Switch tachyon.1etrn.local

1eli
Note upon service startup, the client is setting the Switch to tachyon.1etrn.local:4000 as defined in the installer

1eli
Review the other settings in the log

1eli
There are 2 subfolders: DBs and Persist

1ehot tip
The Persist folder holds the persistent data for the client. Items such as last instruction processed, or tags reside here. We will review this folder later when we use Tachyon. The DBs folder contains an encrypted database where the Tachyon Activity Record feature stores data from various data sources.

1eli
Navigate to c:\program files\1E\Client and review the content

1eli
Right-click 1E.Client.conf and select Open With and open with Notepad

1eli
Review the different sections of the config file, ensuring you *do not make any changes*. Note that the settings displayed in the log file are all defined here

1ediscussion point
The 1E Client settings are defined in the config file. In a later exercise, we will use Tachyon itself to make changes to these settings.

1eli
Close the config file, ensuring no changes were made. If asked to save it, click NO

1eli
Click in the system tray and observe there is an icon to provide feedback to IT, this is for Surveys which will be looked at in the Using Experience training

Installing the 1E Client using the 1E Client Deployment Assistant via ConfigMgr

In most enterprises, there will be a Systems Management platform to manage devices in the environment. In our lab we will use ConfigMgr, but the concept of deploying the 1E Client as a piece of software will apply to any Systems Management platform.

1evirtualmachine
1ETRNCM

1eolstart

startat	114

1eli
Log into 1ETRNCM as 1ETRN\SCCMADMIN

1eli
Navigate to \\1etrnap\Temp and copy the 1EClientDeploymentAssistant.v1.6.0.21 folder to c:\temp

1eli
Open the copied folder and launch the 1EClientDeploymentAssistant.exe

1eli
Click Run on the Open File - Security Warning

1eli
On the Welcome page click Next

1eli
On the License Terms page check I accept the license terms. Click Next

1eli
On the Configuration Manager Connection page click connect. Once it connects click Next

1eli
On the General settings page 1E License File field click browse and select the licenses.txt file in the 1EClientDeploymentAssistant folder

1eli
On the Application and Package Content Sources fields type in \\1etrndc\ConfigMgrSource\Software

1eli
Check the Distribute Content box and select All Distribution Points from the drop-down. Click Next

1eli
On the Agent selection page Uncheck all the boxes except for the 1E Client 5.2.2.523. Click Next

1ehot tip
If we were installing PXE Everywhere, NightWatchman, or Web Wakeup the license keys would be populated from our licenses.txt file located in the same folder as the Client Deployment Assistant executable. We are only installing the Tachyon module of the 1E Client for this lab so we do not need a license key as Tachyon is licensed on the server components.

1eli
On the 1E Client 5.2.2.523 page Change the Limiting Collection to All Desktop and Server Clients Click Next

1eli
On the Tachyon and other client settings page Switch field type in Tachyon.1etrn.local:4000

1eli
In the Background Channel field type in https://tachyon.1etrn.local:443/Background

1eli
Leave Enable Inventory and Enable Interaction checked and click Next

1eli
On the Nomad Client Settings page, check the Enable Nomad checkbox, and accept the defaults for Log Path and Log Size. Ensure that only Hidden Nomad Share, Prevent Failing Over to BITS, Delivery Optimization Reporting and P2P Protocol SMB are selected. Click Next

1ediscussion point
We will be enabling Single Site Download, Fanout and Peer Backup Assistant in the Nomad course.

1eli
On the PXE Everywhere Settings page select the Enable PXE Everywhere checkbox

1eli
Set the PXE Everywhere Central Web Service to: http://1etrncm.1etrn.local/PXELite/PXELiteConfiguration.asmx and click Next

1eli
Once the Summary page activates the Create button click Create

1eli
Once that completes click Next

1eli
Click Finish

1eli
Launch the ConfigMgr console from the taskbar

1ebest practice
Our lab is configured to create our applications and packages for only workstation class devices. You can modify this by editing your AppImport.xml in your 1E Client Deployment Assistant folder. We will edit our application to include the servers.

1eli
Navigate to Software Library – Application Management – Applications

1eli
Select the 1E Client 5.2.2.523 and click Deployment Types tab at the bottom

1eli
Right Click the 1E Client x64 deployment type and choose Properties

1eli
Click the Requirements tab. Click the Operating System requirement type and click the edit button

1eli
Scroll down and select all the x64 Server Operating Systems also. Click Ok. Click Apply. Click Ok

1eli
Navigate to Assets and Compliance and click on Devices

1eli
Multi-select all the devices in the Lab except for 1ETRNDC and add them to an existing collection – 1E Client 5.2.2.523 – Required

1eli
Once the collection membership shows 7

1eli
Right Click on the 1E Client 5.2.2.523 – Required collection and choose Client Notification – Download Computer Policy

1ediscussion point
At this stage, the 1E Client has been deployed to all the clients in the lab environment. We will move onto the next exercise and validate that the clients have installed a bit later, as the deployment will take a few minutes.

1eli
Repeat the client validation steps from above on any of the workstations to ensure the client has installed correctly

Lab Summary

In this lab, we installed Tachyon on a single server. We used components from the prereqs we installed/configured in the previous lab required by Tachyon. Once installed, we validated the install by evaluating the binaries, the web components, the services, and the databases. Once validated, we launched the Tachyon Portal, and reviewed the console.
We then installed a 1E Client manually on one workstation. We validated the install on the client, then configured a package for deployment of the 1E Client agent via ConfigMgr. Once the package was created, we deployed it to our 1E Client collection for install.

Next Page
Ex 3 - Tachyon v5.2 - Install and Configure - Configure Users and Roles

Page tree

Versions Compared

Old Version 7

New Version Current

Key

Installing Tachyon

Installing Tachyon components

Install Tachyon components

Review the installation

Installing the 1E Client

Copy the 1E Client Install to the Config Mgr Server

Install the 1E Client Manually

Validate the 1E Client Install

Installing the 1E Client using the 1E Client Deployment Assistant via ConfigMgr

Lab Summary